EMC is a global leader in enabling businesses and service providers to transform their operations and deliver information technology as a service (ItaaS). EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze information in a more agile, trusted and cost-efficient way.

Forbes BrandVoice™ allows marketers to
connect directly with the Forbes audience by enabling them to create
content – and participate in the conversation – on the Forbes digital publishing
platform. Each BrandVoice™ is produced
by the marketer.
More on BrandVoice™ here
, or email us directly at
brandvoice@forbes.com.

Litigation risk increased ten-fold if the breach was caused by a cyber-attack (vs. lost, stolen or improperly disclosed data). The paper,”Empirical Analysis of Data Breach Litigation,” also concluded that the “odds of a firm being sued as a result of improperly disposing data are three times greater relative to breaches caused by lost/stolen data, and six times greater when the data breach involved the loss of financial information.”

CMU lead researcher Sasha Romanosky obtained publicly reported breach records from DATALOSSdb then cross-referenced them with WestLaw and PACER (Public Access to Court Electronic Records) to perform the analysis of 230 federal lawsuits between 2000 and 2010.

Although news headlines are heavy on security breaches, the research evidence in the study suggests only 4% of publicly reported breaches led to federal litigation, and of that, roughly half are settled.Settlements tend to range from $500 to $15K per plaintiff, who are commonly seeking restitution as a result of the impact of fraud and identity theft from the breach.

The number of plaintiffs for any single breach is wide ranging, and attorneys are more likely to pick up cases with a larger number of victims to increase fees. Average attorney fees for cases were $1.2 million, according to the CMU study.

Companies with higher sensitivity and more regulated data, such as financial and medical firms are generally at higher risk of litigation. For example, the study concluded that a breach of medical information over other data categories increased the probability of case settlement by 31%. Breaches that occur with less sensitive, less regulated data–for example, e-mail addresses only, would be less likely to find themselves in litigation.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.